1. Скачиваем сам CERBOT:
Код:
wget https://dl.eff.org/certbot-auto
2. Устанвливаем права на CERBOT:
Код:
chmod a+x certbot-auto
3. настраиваем "webroot-path" папка доступна из вне
/etc/letsencrypt
authenticator = webroot
webroot-path = /var/www/grenuydev/data/www/dev.uw-t.com
post-hook = service nginx reload
text = True
./certbot-auto certonly --webroot
test auto renew
certbot-auto renew --dry-run
renew auto
certbot-auto renew --no-self-upgrade
ngnix config:
add file
# cat /etc/nginx/acme
location ^~ /.well-known/ {
proxy_pass http://91.203.5.41:81;
proxy_redirect http://91.203.5.41:81/ /;
root /var/www/grenuydev/data/www/dev.uw-t.com;
}
include acme;
include /usr/local/ispmgr/etc/nginx.inc;
listen 91.203.5.41:443 ssl;
ssl_certificate /etc/letsencrypt/live/example.dev.uw-t.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/example.dev.uw-t.com/privkey.pem;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2 SSLv2 SSLv3;
Может пригодиться конвертировать ключи
openssl rsa -outform der -in private.pem -out private.key
openssl x509 -outform der -in your-cert.pem -out your-cert.crt